Resource access

ABSTRACT

An apparatus comprising means for performing: at a first time, controlling whether a user is granted access to a resource based on a response of the user to a first access task, and setting one or more restrictions on granted access to the resource based on the response of the user to the first access task; at a second time, controlling whether the user is granted access to the resource based on a response of the user to a second access task, different to the first access task, and setting one or more restrictions on granted access to the resource based on the response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the response of the user to the first access task.

TECHNOLOGICAL FIELD

Embodiments of the present disclosure relate to resource access. Some relate to controlling access for a user to at least one resource based on a response of the user to an access task.

BACKGROUND

Access tasks protect access to resources. The access tasks are used to decide whether to grant or deny a user access to resources. Access to resources is granted if the access tasks are completed by a user and access to the same resources is denied if the same access tasks are failed by the user.

Examples of access tasks include PIN-based device-unlock tasks or facial recognition-based device-unlock tasks.

Resources which are protected by access tasks include system resources such as system software and hardware controlled and operated by the system software and also include application software resources such as productivity software, entertainment software, social software, etc. and their respective constituent functions, processes and threads.

BRIEF SUMMARY

According to various, but not necessarily all, embodiments there is provided an apparatus comprising means for: at a first time, controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task; at the first time, setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task; at a second time, controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task; at the second time setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.

The apparatus may be configured as a device and comprise: the at least one resource; means for rendering the access task to the user; and means for obtaining the response of the user to the first and/or second access task.

According to various, but not necessarily all, embodiments there is provided an apparatus comprising at least one processor and at least one memory, including computer program code. The at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to perform: at a first time, controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task; at the first time, setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task; at a second time, controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task; at the second time setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.

According to various, but not necessarily all, embodiments there is provided a method comprising: at a first time, controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task; at the first time, setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task; at a second time, controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task; at the second time setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and automatically initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.

According to various, but not necessarily all, embodiments there is provided a computer program that, when run on a computer, performs: at a first time, controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task; at the first time, setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task; at a second time, controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task; at the second time setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.

According to various, but not necessarily all, embodiments there is provided a non-transitory computer readable medium, computer product, or machine readable medium, comprising instructions stored thereon for performing at least the following: at a first time, controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task; at the first time, setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task; at a second time, controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task; at the second time setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.

The following portion of this ‘Brief Summary’ section, describes various features that may be features of any of the embodiments described in the foregoing portion of the ‘Brief Summary’ section. The description of a function should additionally be considered to also disclose any means suitable for performing that function.

Setting one or more restrictions on granted access may comprise controlling one or more permissions of the at least one resource to at least one system resource via which the user can interact with the at least one resource.

Setting one or more restrictions on granted access may comprise granting access for the user to at least one of a plurality of resources and denying access for the user to at least one other of the plurality of resources.

Setting one or more restrictions on granted access to the at least one resource may comprise setting a time limit on the granted access.

Setting one or more restrictions on granted access to the at least one resource may comprise controlling settings of at least one system resource via which the user can interact with the at least one resource.

The first and second access task may comprise rendering one or more target elements rendered to the user for identification by the user.

In some, but not necessarily all, examples the first access task differs from the second access task in respect of one or more distractor elements rendered to the user.

The change from the first access task to the second access task may comprise changing one or more of: a ratio; a proximity; a similarity; or a relative movement, of the one or more distractor elements to the one or more target elements.

The means may be configured to: obtain gaze-tracking data of the user; and determine when a fixation position of a gaze of the user matches a rendered position of the one or more target elements, wherein the obtained response of the user to the first and/or second access task is based on a duration and/or frequency of the fixation position of the gaze of the user matching the rendered position of the one or more target elements.

The means may be configured to: prevent access to the at least one resource if the determined response of the user is within a first class of responses; set first one or more restrictions on granted access to the at least one resource if the determined response of the user is within a second class of responses; and set second one or more restrictions, different to the first restrictions, on granted access to the at least one resource if the measured response of the user is within a third class of responses.

The means may be configured to: classify the obtained response of the user to the first and/or second access task; control whether or not a user is granted access to at least one resource based on a classification of the determined response of the user; and set one or more restrictions on granted access to the at least one resource based on the classification of the determined response of the user.

The initiation of the change from the first access task to the second access task may be causally dependent on a change, occurring between the first and second times, in one or more values of one or more monitored parameters which vary with actions of the user.

The means may be configured to: obtain an expected usage of the at least one resource at the first time and at the second time based on the one or more values of the one or more monitored parameters at the first and second time respectively; and initiate the change from the first access task to the second access task if the expected usage at the second time is different to the expected usage at the first time.

According to various, but not necessarily all, embodiments there is provided examples as claimed in the appended claims.

BRIEF DESCRIPTION

Some examples will now be described with reference to the accompanying drawings in which:

FIG. 1 shows an example of a method as described herein;

FIG. 2 shows an example of different expected usages as described herein;

FIG. 3 shows an example of an apparatus as described herein;

FIGS. 4A to 4C show examples of access tasks as described herein;

FIG. 5 shows an example of gaze tracking as described herein;

FIG. 6 shows an example of obtaining a response of the user to an access task as described herein;

FIGS. 7A to 7C show examples of different responses as described herein;

FIGS. 8A and 8B show examples of restrictions on granted access as described herein;

FIGS. 9A to 9C show other examples of restrictions on granted access as described herein;

FIG. 10 shows an example of a controller as described herein; and

FIG. 11 shows an example of a delivery mechanism as described herein.

DETAILED DESCRIPTION

FIG. 1 illustrates a method 100 for controlling access for a user to one or more resources 250 (as first illustrated in FIG. 3). These resources 250 can comprise: system resources including system software and hardware controlled and operated by the system software; and application software resources including productivity software, entertainment software, social software, etc. and their respective constituent functions, processes and threads. Access to these resources 250 can be granted or denied. When granted access, a user can interact with the resources 250. When denied access, a user cannot operate or control the resources 250.

The method 100 comprises a first sub-method 110 for controlling access based on a response of the user to an access task 240 (as first illustrated in FIG. 3) and a second sub-method 120 for initiating changes to the access task 240 such that a user is faced with different access tasks 240 at different times. The two sub-methods 110, 120 are causally independent in that the initiation of changes to the access task 240 is causally independent of the response of the user to a prior access task 240 and thus also causally independent of the resulting control of access for the user to the one or more resources 250.

The first sub-method 110 comprises, at block 112, controlling whether or not a user is granted access to at least one resource 250 based on an obtained response of the user to an access task 240. The first sub-method 110 then comprises, at block 114, setting one or more restrictions on granted access to the at least one resource 250 based on the obtained response of the user to the access task 240.

The obtained response of the user to the access task 240 may be received from a device for measuring the response, or determined by processing data received from a device for measuring the response, or determined from measurements of the response.

The response of the user to the access task 240 is indicative of the cognitive control state of the user. Cognitive control state relates to a person's ability to resist distraction or mind wandering events. Thus, for example, the time for the user to complete the access task 240 is indicative of their distractibility during the access task 240 and thus their cognitive control state can be estimated accordingly. For example, if the time taken for the user to complete the access task 240 differs by a statistically significant margin from a statistical average time for the user to complete the access task 240 or comparable access task (for example, in terms of complexity), this can be attributed to a higher or lower cognitive control state of the user than usual during the access task 240.

The use of certain resources 250, such as for example social software, while in a lowered cognitive control state makes users vulnerable to technical measures employed by these resources 250 to gain the attention of the user and to distract them from other activities. This leads to an increase in the time spent interacting with these resources 250. Increases in the time spent interacting with these resources 250 can have a detrimental effect on the mental well-being of the user, a direct detrimental effect on the physical well-being of the user such as eye strain or repetitive strain injury (RSI), and a detrimental effect on the power consumption of the device via which the user interacts with these resources 250. Setting one or more restrictions on granted access, as per block 114 of the first sub-method 110, is a countermeasure against the technical measures employed by these resources 250, thus reducing the time spent interacting with these resources 250 and ameliorating the aforementioned detrimental effects.
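The following sketch of blocks 112 and 114 is an added example, not code from the disclosure. It assumes the response is a completion time compared with the user's own baseline by z-score, that slower-than-usual means a lower cognitive control state, and that the three response classes map to deny, short-limit and long-limit access; the threshold, class names, resource names and time limits are all constructed.

```python
import statistics

# Constructed baseline: this user's past completion times (seconds)
# for comparable access tasks.
BASELINE_S = [4.1, 3.8, 4.4, 4.0, 3.9, 4.3, 4.2, 3.7, 4.0, 4.1]

# Constructed restriction sets for the two classes that are granted access.
RESTRICTIONS = {
    "unfocused": {"time_limit_min": 15,
                  "allowed": frozenset({"messaging", "productivity"})},
    "focused": {"time_limit_min": 60,
                "allowed": frozenset({"messaging", "productivity", "social"})},
}


def classify_response(completed, time_s, baseline, z_threshold=2.0):
    """Classify a response as 'failed', 'unfocused' or 'focused'."""
    if not completed:
        return "failed"
    # Without a usable baseline the deviation cannot be judged, so fall
    # back to the stricter granted class (an assumption of this sketch).
    if len(baseline) < 2:
        return "unfocused"
    sd = statistics.stdev(baseline)
    if sd == 0:
        return "unfocused"
    z = (time_s - statistics.mean(baseline)) / sd
    return "unfocused" if z > z_threshold else "focused"


def decide(response_class):
    """Block 112 (grant or deny) and block 114 (restrictions) in one step."""
    if response_class == "failed":
        return {"granted": False, "time_limit_min": 0, "allowed": frozenset()}
    return {"granted": True, **RESTRICTIONS[response_class]}


def may_use(decision, resource, minutes_elapsed):
    """Enforce the restrictions for one resource at one point in the session."""
    return (decision["granted"]
            and resource in decision["allowed"]
            and minutes_elapsed < decision["time_limit_min"])
```
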

The second sub-method 120 comprises, at block 122, initiating a change in the access task 240, from a first access task to a second, different access task. Therefore, at a first time the controlling of whether a user is granted access to at least one resource 250 and the setting of one or more restrictions on the granted access, as per blocks 112 and 114 of the first sub-method 110 respectively, are based on a response of the user to the first access task and at a second time they are based on a response of the user to the second, different access task.

The initiation of this change is causally independent of the obtained response of the user to the first access task. For example, if the user fails to complete an access task 240 at the first time, this does not initiate a change to the access task 240. To illustrate this point further it is to be appreciated that where the initiation of a change in the access task 240 is causally dependent on the response of the user to the access task 240 (contrary to block 122 of the method 100), the failure of the user to complete an access task 240 at the first time may trigger the change of the access task 240. An example of such causal dependence is the switching from a facial recognition-based device-unlock task to a PIN-based device-unlock task at least in part in response to failure of the facial recognition-based device-unlock task.

The change is not initiated by the user. For example, the change is not initiated by the user manually adjusting settings relating to the access task 240 in the interval between the first and second times so that at the second time they are faced with a different access task 240. The change is initiated by a machine and the change is thus automatically initiated. In some examples, the machine autonomously initiates the change.

In some examples the initiation of the change in the access task 240 is causally dependent on a change, occurring between the first and second times, in one or more values of one or more monitored parameters which vary with actions of the user. Examples of such monitored parameters include, without limitation:

- a time-of-day at which the user seeks access to the at least one resource 250 via the access task 240;
- a real-world location from where the user seeks access to the at least one resource 250 via the access task 240; and
- biometric parameters indicative of the mood or behavior of the user such as facial expression, heart rate, and breathing rate.

The initiation of the change in the access task 240 may not be responsive to just any change in the one or more values of the one or more monitored parameters. In some examples, the initiation of the change in the access task 240 is responsive to a determination that the aforementioned change in the one or more values of the one or more monitored parameters represents a change in an expected usage of the at least one resource 250 to which the user seeks access.

Thus, the method 100 can comprise obtaining an expected usage of the at least one resource 250 at a first time and at a second time based on the values of the one or more monitored parameters at the first and second time respectively. In this example the method 100 comprises initiation of a change, in accordance with block 122, from the first access task to the second access task if the expected usage at the second time is different to the expected usage at the first time.

FIG. 2 schematically illustrates a parameter space 124 which is defined by these one or more monitored parameters α, β which vary with actions of the user. Each dimension 126₁, 126₂ of the parameter space 124 is represented by one of the monitored parameters α, β. Although the parameter space 124 is only illustrated in two dimensions 126₁, 126₂ in FIG. 2 it is to be appreciated that the parameter space 124 may be one-dimensional or multi-dimensional with the number of dimensions corresponding to the number of monitored parameters α, β. Thus, the parameter space 124 is spanned by the monitored parameters α, β.

In this example the parameter space 124 is divided into a plurality of defined subspaces 128₁, 128₂, 128₃, 128₄, each associated with a different expected usage of the at least one resource 250 to which the user seeks access. Thus, if values of the monitored parameters α, β describe a point within a subspace, those values are indicative of the expected usage associated with that particular subspace. Determining that a change in the one or more values of the one or more monitored parameters α, β represents a change in the expected usage between the first and second times therefore comprises determining if the values of those monitored parameters α, β at the second time describe a point which is within a different subspace to a point described by the values of those monitored parameters α, β at the first time.

In some examples the definition of the subspaces 128₁, 128₂, 128₃, 128₄ associated with different expected usage is determinative, according to a set of rules (or a specified algorithm) which define boundaries in respect of particular monitored parameters α, β. These rules may be personalized by the user. For example, the user may specify their work hours, during which their expected usage of the at least one resource is for work purposes, and their free time, during which their expected usage of the at least one resource is for leisure purposes. The rules may be adapted to a user-specified itinerary.

In other examples, the definition of the subspaces 128₁, 128₂, 128₃, 128₄ associated with different expected usage is controlled by machine learning (or an unspecified algorithm).

The machine learning may be supervised, such as classification in the parameter space 124 using training data which correlates previous values of the monitored parameters α, β with previous data obtained by resource usage tracking. Depending on the data obtained by resource usage tracking, the resultant trained algorithm may classify resource usage in terms of the manner in which the user will use resources 250 generally and/or in terms of which specific resources 250 the user will use.

The machine learning may also be unsupervised, such as clustering in the parameter space 124, for example K-means clustering in the parameter space 124.

The machine learning can be implemented by a pretrained algorithm or by a dynamically updated algorithm.

In some examples the method 100 comprises further classifying the expected usage with respect to its expected impact on the wellbeing of the user.

In this example, the initiation of the change in the access task 240 between first and second times that the user seeks access to the at least one resource 250 is responsive to a determination that the expected usage at the second time has a different expected impact on the wellbeing of the user to that of the expected usage at the first time.

The expected impact can be determined from a lookup table of predefined impact scores for different resource usages. The impact scores may be personalized for the user. In some examples the personalized impact scores are defined by the user and in other examples the personalized impact scores are learnt from user behavior over time.

In some examples, the impact scores in the lookup table also vary with total resource usage time within a preceding period. For example, the user may set a target usage limit of one hour per day for the at least one resource 250. As the user approaches that time, the impact scores may decrease and become negative at least once the limit is reached. Additionally, during a user's defined or learnt work hours, resources 250 which do not relate to the user's work may have a negative impact score, whereas out of work hours, the wellbeing score may be higher.

The change in the access task 240 between first and second times that the user seeks access to the at least one resource 250 may be initiated if the expected usage at the second time has a different impact score in the lookup table to that of the expected usage at the first time.

In some examples, the initiated change in the access task 240 is one which produces a resultant access task 240 which is more or less sensitive to differences in the cognitive control state of the user. An access task 240 which is more sensitive to differences in the cognitive control state of the user can be one in which the differences in the manner in which the access task 240 is performed by focused and unfocused users are emphasized. Accordingly, greater focus is required to complete such an access task 240 to thereby gain access to the resources that it protects. An access task 240 which is less sensitive to differences in the cognitive control state of the user will require less focus and may therefore be easier to perform.

When a determined expected usage relates to, for example:

- absent-minded, and therefore unhealthy, usage of the at least one resource 250; or
- usage of one or more resources 250 which employ technical measures to gain the attention of the user and to distract them from other activities,

restricting access to said resources 250 unless the user demonstrates that they are in a high cognitive control state can reduce the time spent by the user interacting with these resources 250. When in a high cognitive control state, the user is more likely to use the at least one resource 250 to which they are granted access in a focused manner and thus spend less time interacting with the at least one resource 250.

This can be achieved by initiating a change in the access task 240 to an access task 240 which is more sensitive to differences in the cognitive control state of the user in response to determining such expected usage.

Outside of such expected usage, distinguishing between the cognitive control state of the user may not be a priority. The ease by which the user may obtain access to the at least one resource 250 may take priority. In this case, a change in the access task 240 is initiated which produces a resultant access task 240 which is less sensitive to differences in the cognitive control state of the user and is thus easier to complete for an unfocused user.

The method 100 may also comprise determining a confidence score for the accuracy of the expected usage and the change in the access task 240 may not be initiated in the event of low confidence in the accuracy of the expected usage. For example, if it is 7 pm on a weekday, the user is at home, and 9 out of 10 times in the past the user has used the at least one resource 250 in a particular manner in similar circumstances then there may be 90% confidence that the user will use the at least one resource 250 in the same manner this time.

The initiation of a change in the access task 240 which produces a resultant access task 240 which is more sensitive to differences in the cognitive control state of the user may be overridden in instances where a predicted tolerance of the user to such change is low. A predicted tolerance of the user to the change in the access task 240 can be based on past resource usage, current circumstances, and user-specified rules such as, for example, lower tolerance when at the user's workplace and higher tolerance when at the user's home.
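A sketch of the task-change logic of block 122 as described above, added here as an example and not taken from the disclosure: rule-defined subspaces over hour and location, an impact-score lookup that falls as a daily limit nears, a confidence gate and a tolerance override. All rules, scores, thresholds and names are constructed; note that `next_task` takes no user response as input, which is what keeps the change causally independent of it.

```python
from dataclasses import dataclass

# All rules, scores and task variants below are constructed for illustration.


@dataclass(frozen=True)
class Subspace:
    """One rule-defined region of the (hour, location) parameter space."""
    usage: str
    hours: range
    locations: frozenset


SUBSPACES = (
    Subspace("work", range(9, 17), frozenset({"office"})),
    Subspace("commute", range(7, 9), frozenset({"transit"})),
    Subspace("leisure", range(17, 23), frozenset({"home"})),
)

# Lookup table of base impact scores per expected usage.
BASE_IMPACT = {"work": 2, "commute": 1, "leisure": 0, "unknown": 0}

# Task variants ordered from least to most sensitive to cognitive control
# state; the distractor counts echo FIGS. 4A to 4C.
SENSITIVITY = ("low", "medium", "high")
DISTRACTORS = {"low": 0, "medium": 2, "high": 4}


@dataclass(frozen=True)
class Context:
    """Monitored parameter values at the time access is sought."""
    hour: int
    location: str
    minutes_used_today: int


def expected_usage(ctx):
    """Map a point in the parameter space to its subspace's expected usage."""
    for s in SUBSPACES:
        if ctx.hour in s.hours and ctx.location in s.locations:
            return s.usage
    return "unknown"


def impact_score(ctx, daily_limit_min=60):
    """Base score, reduced near the daily limit and negative once reached."""
    score = BASE_IMPACT[expected_usage(ctx)]
    if ctx.minutes_used_today >= daily_limit_min:
        return -1
    if ctx.minutes_used_today >= 0.75 * daily_limit_min:
        score -= 1
    return score


def confidence(history, ctx):
    """Share of past sessions in the same subspace that matched its usage."""
    usage = expected_usage(ctx)
    observed = [obs for past, obs in history if expected_usage(past) == usage]
    if not observed:
        return 0.0
    return observed.count(usage) / len(observed)


def task_for_score(score):
    """Lower impact score selects a more sensitive access task."""
    if score < 0:
        return "high"
    return "medium" if score == 0 else "low"


def next_task(current, first, second, history,
              tolerance="high", min_confidence=0.8):
    """Decide the access task for the second time from context alone."""
    if impact_score(second) == impact_score(first):
        return current                      # no change in expected impact
    if confidence(history, second) < min_confidence:
        return current                      # prediction too uncertain
    candidate = task_for_score(impact_score(second))
    harder = SENSITIVITY.index(candidate) > SENSITIVITY.index(current)
    if harder and tolerance == "low":
        return current                      # override: user unlikely to tolerate
    return candidate
```
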

In other examples, the initiated change in the access task 240 is one which produces a resultant access task 240 which is more contextually appropriate or compensates for difficulty induced by adverse conditions. For example, a visual search-based access task (such as, for example, an image identification captcha) may be made more challenging by light conditions that produce screen glare and in such conditions a change in the access task 240 may be initiated to either simplify the visual search-based access task or to switch to another type of access task. As another example, facial recognition may be less accurate in poor light conditions and in such conditions a change in the access task 240 may be initiated to switch to another type of access task.

FIG. 3 schematically illustrates an example of an apparatus 200 that is suitable for performing the method 100.

The apparatus 200 comprises a controller 202.

In this example, the controller 202 comprises an access control module 212 configured to control whether or not a user 300 is granted access 232 to at least one resource 250 based on an obtained response 230 of the user to an access task 240. The controller 202 also comprises a restriction control module 214 configured to set one or more restrictions 234 on granted access 232 to the at least one resource 250 based on the obtained response 230 of the user 300 to the access task 240.

In this example, the controller 202 additionally comprises a task control module 222 configured to initiate a change 236 in the access task 240 such that the user 300 is faced with a first access task to respond to at a first time and is then faced with a second, different access task to respond to at a second time. The initiation of the change 236 is causally independent of the obtained response 230 of the user to the first access task as described above.

The controller 202 may be provided by any suitable hardware or circuitry. The modules 212, 214, 222 may be hardware modules of the controller 202 or may be functional modules of the controller 202 and can be enabled by firmware or software. For example, in some implementations the controller 202 is a processor, for example a central processing unit running an operating system. The modules 212, 214, 222 represent functionality provided by the operating system when run on the processor.

In some examples the apparatus 200 further comprises the at least one resource 250 with which a user 300 can interact when granted access 232 by the controller 202. The apparatus 200 can be additionally configured to render the access task 240 to the user 300 and to obtain the response 230 of the user 300 to the access task 240 either by receiving user input from which a response of the user 300 to the access task 240 can be obtained, directly or by means of processing the received user input, or by measuring parameters which parameterize the response 230 of the user 300. Examples of such parameters may comprise a fixation position of a gaze of the user as described in relation to FIGS. 5 and 6 below.

For example, the apparatus 200 may be configured as or comprised in a device such as a smartphone or tablet.

In this example, the at least one resource 250 comprises device system resources such as device hardware or device system software including the operating system and/or application software resources that can be run on the device.

In this example, the device may be configured to render the access task 240 to the user 300. Rendering the access task 240 puts the access task 240 into a format in which it can be perceived by the user 300. The access task 240 can be rendered to the user 300 as a visual output from a display of the device, as an audio output from a speaker of the device, or as another perceptible output from another user interface of the device. These means for rendering the access task 240 to the user 300 can also be configured to enable interaction between the user 300 and the at least one resource 250 in the event of granted access 232.

In this example, the device can also comprise sensors configured to receive user input from the user 300 from which the response 230 of the user 300 to the access task 240 can be obtained or to otherwise measure parameters which parameterize the response 230 of the user 300.

FIGS. 4A to 4C schematically illustrate examples of different access tasks 240₁, 240₂, 240₃. In these examples, the type of access task remains the same but the parameters of the access task change.

In these examples the access tasks 240 ₁, 240 ₂, 240 ₃ are all a type ofvisual search-based task. The access tasks 240 ₁, 240 ₂, 240 ₃ compriseone or more target element T₁ to T₃ rendered to the user 300 foridentification by the user 300. In each case, successful identificationof the one or more target elements T₁ to T₃ by the user 300 completesthe access tasks 240 ₁, 240 ₂, 240 ₃. In some examples, completing theaccess tasks access tasks 240 ₁, 240 ₂, 240 ₃ requires the user 300 tosuccessfully identify the one or more target elements T₁ to T₃ in aprescribed order. For example, the one or more target elements T₁ to T₃may be a set of numbers from a rendered grid of numbers and the accesstask 240 may be to input a PIN code comprising the set of numbers in aprescribed order.

The access tasks 240₁, 240₂, 240₃ differ in respect of one or more distractor elements D₁ to D₆ which are rendered to the user.

In these examples, the one or more target elements T₁ to T₃ and one or more distractor elements D₁ to D₆ are graphical elements which are rendered to the user 300 by means of a display 242. In other examples the one or more target elements T₁ to T₃ and one or more distractor elements D₁ to D₆ can be rendered as audio via, for example, a loudspeaker. Rendering either of the one or more target elements T₁ to T₃ and one or more distractor elements D₁ to D₆ puts these elements into a format in which they can be perceived by the user 300.

The change 236 in the access task 240, as initiated in accordance with block 122 of the second sub-method 120, comprises changing one or more of: a ratio; a proximity; a similarity (in, for example, shape, size and/or color); and a relative movement, of the one or more distractor elements D₁ to D₆ to the one or more target elements T₁ to T₃.

In access task 240₁, as schematically illustrated in FIG. 4A, only target elements T₁ to T₃ are rendered to the user. No distractor elements are rendered to the user 300.

In access task 240₂, as schematically illustrated in FIG. 4B, distractor elements D₁, D₂ are rendered to the user 300 in addition to the target elements T₁ to T₃.

In access task 240₃, as schematically illustrated in FIG. 4C, distractor elements D₃ to D₆ are rendered to the user 300 in addition to the target elements T₁ to T₃.

The distractor elements D₃ to D₆ of the access task 240₃ are more numerous, are in closer proximity to, and in some cases are more similar to, the target elements T₁ to T₃ than the distractor elements D₁, D₂ of the access task 240₂. As a result, it is harder for the user 300 to distinguish between the target elements T₁ to T₃ and the distractor elements D₃ to D₆ than it is for the user to distinguish between the target elements T₁ to T₃ and the distractor elements D₁, D₂. It is therefore easier to focus attention on the distractor elements D₃ to D₆ and hence to be distracted during the access task 240₃ of FIG. 4C. The difference between the response 230 of the user 300 when they are more susceptible to distraction (i.e., in a lower cognitive control state) and the response 230 of the user 300 when they are less susceptible to distraction (i.e., in a higher cognitive control state) is emphasized by the access task 240₃ of FIG. 4C as compared to the access task 240₂ of FIG. 4B. The access task 240₃ of FIG. 4C is more sensitive to differences in the cognitive control state of the user 300.

An access task 240 with a greater ratio, proximity, similarity, and/or relative movement, of distractor elements to target elements is more sensitive to differences in the cognitive control state of the user 300. An access task 240 with a lower ratio, proximity, similarity, and/or relative movement, of distractor elements to target elements is less sensitive to differences in the cognitive control state of the user 300.

The parameters of the access task 240 that is provided to the user 300 when the user 300 seeks access to the at least one resource 250 can be based on the expected usage (as described in relation to FIG. 2 above) at the time when the user 300 seeks access to the at least one resource 250. For example, parameters such as: a ratio, a proximity, a similarity, and/or a relative movement, of the one or more distractor elements D₁ to D₆ to the one or more target elements T₁ to T₃ can be based on the expected usage at the time when the user 300 seeks access to the at least one resource 250. In these examples, the task control module 222 is configured to determine these parameters.

The value of the parameters of the access task 240 can be determined by using the expected usage to query a lookup table of preset values which enable a suitably sensitive assessment of the cognitive control state of the user in view of the expected usage. The preset values may consist of acceptable ranges, where exact values of the parameters of the access task 240 may be sequentially, randomly or otherwise assigned within the range so that the access task 240 varies for different occasions when the user 300 seeks access to the at least one resource 250 via the access task 240 even when the expected usage remains the same. Therefore, the access task 240 cannot be learnt by the user 300.

The one or more distractor elements D₁ to D₆ can be designed to resemble graphical icons of a plurality of resources 250 and the salience of the fixation of the gaze of the user on one or more of these graphical icons may be used to acquire further information about the expected usage.

In some examples, identifying the one or more target elements T₁ to T₃ comprises identifying the location of these elements within the display 242. This can be achieved by gaze tracking as illustrated in FIG. 5.

In this example a camera 244, for example a front-facing camera mounted proximate the display 242 and comprised in the apparatus 200, observes the eyes 302 of the user 300. Gaze tracking data obtained by the camera 244 is processed to determine fixation positions 304 of the gaze of the user 300 as a function of time. A fixation position 304 is determined when the gaze of the user 300 is focused on a series of closely clustered (in both time and space) points.

FIG. 5 illustrates two fixation positions 304: one which matches a rendered position of a target element T₁ and one which matches a rendered position of a distractor element D₂.

FIG. 6 schematically illustrates an example of obtaining the response 230 of the user 300 from the apparatus 200 of FIG. 5.

In this example the fixation positions 304 of the gaze of the user 300 as a function of time and the rendered positions 246_T of the one or more target elements T₁ to T₃ are compared, at the apparatus 200, to determine when a fixation position 304 of the gaze of the user 300 matches a rendered position 246_T of the one or more target elements T₁ to T₃. The matching of a fixation position 304 of the gaze of the user 300 with a rendered position 246_T of one of the target elements T₁ to T₃ can be considered as identification of that target element.

A fixation duration on the one or more target elements T₁ to T₃ can be determined from a duration of matches between the fixation positions 304 of the gaze of the user 300 and the rendered positions 246_T of the one or more target elements T₁ to T₃.

Where the target elements T₁ to T₃ are dynamic rather than static, positions 246_T of the one or more target elements T₁ to T₃ are also expressed as a function of time.

The obtained response 230 of the user 300 to the access task 240 can be based on a total time taken to identify all of the one or more target elements T₁ to T₃, and thus to complete the access task 240. For example, the obtained response 230 of the user 300 to the access task 240 can be based on a total time taken for fixation positions 304 of the gaze of the user 300 to have matched with the rendered positions 246_T of all of the one or more target elements T₁ to T₃.

The obtained response 230 of the user 300 to the access task 240 can additionally or alternatively be based on elapsed time between new identifications of previously unidentified ones of the target elements T₁ to T₃.

Alternatively, the obtained response 230 of the user 300 to the access task 240 can be based on a fixation duration on the one or more target elements T₁ to T₃ and/or a frequency at which the fixation position 304 of the gaze of the user 300 matches the rendered positions 246_T of the one or more target elements T₁ to T₃.

In some, but not necessarily all, examples the fixation positions 304 of the gaze of the user 300 as a function of time can also be compared to the rendered positions 246_D of the one or more distractor elements D₁ to D₆ to determine when the fixation position 314 of the gaze of the user 300 matches a rendered position 246_D of the one or more distractor elements D₁ to D₆.

A fixation duration on the one or more distractor elements D₁ to D₆ can be determined from a duration of matches between the fixation positions 304 of the gaze of the user 300 and the rendered positions 246_D of the one or more distractor elements D₁ to D₆.

Where the distractor elements D₁ to D₆ are dynamic rather than static, positions 246_D of the one or more distractor elements D₁ to D₆ are also expressed as a function of time.

In one example the obtained response 230 of the user 300 to the access task 240 is determined from a ratio of the fixation duration on the one or more target elements T₁ to T₃ to the fixation duration on the one or more distractor elements D₁ to D₆.

In another example the obtained response 230 of the user 300 to the access task 240 is determined from a frequency at which a fixation position 304 of the gaze of the user 300 changes from matching the rendered position 246_T of the one or more target elements T₁ to T₃ to matching the rendered position 246_D of the one or more distractor elements D₁ to D₆.

FIG. 6 can be implemented by a gaze processing module forming part of the controller 202 or associated with the camera 244. This gaze processing module receives as inputs: the fixation positions 304 of the gaze of the user 300 as a function of time; the rendered positions 246_T of the one or more target elements T₁ to T₃; and the rendered positions 246_D of the one or more distractor elements D₁ to D₆. This gaze processing module outputs the obtained response 230 of the user 300 to the access task 240 towards the access control module 212 and the restriction control module 214.
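The following sketch is an added illustration of such a gaze processing module, not code from the disclosure. It derives the response measures named above (completion time, time between new identifications, target-to-distractor fixation ratio, and target-to-distractor switch frequency) from fixations and rendered positions. The class and function names, the circular match tolerance, the choice to timestamp an identification at the start of the matching fixation, and the sample data are all assumptions.

```python
from dataclasses import dataclass
from math import hypot
from typing import Optional, Sequence


@dataclass(frozen=True)
class Fixation:
    start_ms: int   # when the gaze settled on this point
    end_ms: int     # when the gaze left it
    x: float
    y: float


@dataclass(frozen=True)
class Element:
    name: str
    x: float        # rendered position on the display
    y: float
    radius: float   # assumed match tolerance around the rendered position


def match(fix: Fixation, elements: Sequence[Element]) -> Optional[Element]:
    """Return the nearest element whose tolerance circle contains the fixation."""
    hits = [(hypot(fix.x - e.x, fix.y - e.y), e) for e in elements]
    hits = [h for h in hits if h[0] <= h[1].radius]
    return min(hits, key=lambda h: h[0])[1] if hits else None


def gaze_response(fixations, targets, distractors, task_start_ms=0):
    """Compute the response measures from fixations and rendered positions."""
    target_names = {t.name for t in targets}
    elements = list(targets) + list(distractors)
    target_ms = distractor_ms = switches = 0
    identified_at = {}          # target name -> start of first matching fixation
    prev_was_target = False
    ordered = sorted(fixations, key=lambda f: f.start_ms)
    for fix in ordered:
        hit = match(fix, elements)
        if hit is None:
            continue            # fixations on no element are ignored (assumption)
        duration = fix.end_ms - fix.start_ms
        if hit.name in target_names:
            target_ms += duration
            identified_at.setdefault(hit.name, fix.start_ms)
            prev_was_target = True
        else:
            distractor_ms += duration
            if prev_was_target:
                switches += 1   # gaze moved from a target to a distractor
            prev_was_target = False
    completed = bool(target_names) and set(identified_at) == target_names
    times = sorted(identified_at.values())
    observed_ms = max((f.end_ms for f in ordered), default=task_start_ms) - task_start_ms
    return {
        "completed": completed,
        "completion_ms": times[-1] - task_start_ms if completed else None,
        "identification_gaps_ms": [b - a for a, b in zip(times, times[1:])],
        "target_ms": target_ms,
        "distractor_ms": distractor_ms,
        # None when no distractor was fixated, so callers never divide by zero
        "target_to_distractor_ratio": target_ms / distractor_ms if distractor_ms else None,
        "switches_per_second": 1000 * switches / observed_ms if observed_ms > 0 else 0.0,
    }


# Constructed sample data: three targets, two distractors, six fixations.
SAMPLE_TARGETS = [Element("T1", 100, 100, 25), Element("T2", 300, 100, 25),
                  Element("T3", 200, 300, 25)]
SAMPLE_DISTRACTORS = [Element("D1", 150, 100, 25), Element("D2", 300, 160, 25)]
SAMPLE_FIXATIONS = [
    Fixation(0, 400, 102, 98),       # on T1
    Fixation(400, 900, 148, 103),    # on D1
    Fixation(900, 1200, 298, 101),   # on T2
    Fixation(1200, 1500, 302, 158),  # on D2
    Fixation(1500, 1600, 500, 500),  # on no element
    Fixation(1600, 2000, 201, 299),  # on T3
]

if __name__ == "__main__":
    print(gaze_response(SAMPLE_FIXATIONS, SAMPLE_TARGETS, SAMPLE_DISTRACTORS))
```
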

Different responses 230 of a user 300 to an access task 240 result in different levels of access for the user 300 to the at least one resource 250.

FIGS. 7A to 7C schematically illustrate different responses 230 of the user 300 to an access task 240 and the resultant access for the user 300 to the at least one resource 250.

In the example of FIG. 7A, a response 230₁ of the user 300 falls within a first class of responses. In this example the first class of responses corresponds to the user 300 failing to complete the access task 240. In accordance with block 112 of the first sub-method 110, access to the at least one resource 250 is prevented based on the failure of the user 300 to complete the access task 240.

In the example of FIG. 7B, a response 230₂ of the user 300 to the access task 240 falls within a second class of responses. In this example the second class of responses corresponds to a situation in which the user 300 completes the access task 240 and, in doing so, demonstrates that they are in a low cognitive control state. For example, the user 300 may have required repeated attempts before completing the access task 240 or may have taken a long time to complete the access task 240. In this example, since the user 300 has completed the access task 240, the user 300 is granted access 232 to the at least one resource 250. Based on the response 230₂, first one or more restrictions 234₁ are set on the granted access 232 to the at least one resource 250.

In the example of FIG. 7C, a response 230₃ of the user 300 to the access task 240 falls within a third class of responses. In this example, the third class of responses corresponds to a situation in which the user 300 completes the access task and, in doing so, demonstrates that they are in a moderate cognitive control state. Like the example of FIG. 7B, the user 300 is granted access 232 to the at least one resource 250 since they have completed the access task 240. In this example, however, second one or more restrictions 234₂ on the granted access 232 are set, the second one or more restrictions 234₂ being different to the first one or more restrictions 234₁. Since the response 230₃ of the user 300 in this example demonstrates that the user is in a higher cognitive control state than they were in in the example of FIG. 7B, the second one or more restrictions 234₂ on the granted access 232 are lighter than the first one or more restrictions 234₁. The granted access 232 for the user 300 to the at least one resource 250 is less restricted in the example of FIG. 7C than in the example of FIG. 7B.

Responses 230 of the user 300 to the access task 240 can be explicitly classified according to, for example, a specified algorithm or rules such as a lookup table or according to, for example, an unspecified algorithm resulting from supervised machine learning using classified past responses as training data (classification). Alternatively, responses 230 of the user 300 to the access task 240 can be implicitly classified according to, for example, an unspecified algorithm from unsupervised machine learning using unlabeled past responses as training data (clustering).

It is to be understood that there may be more than three classes of response and that classes which indicate that the user is in a sufficiently high cognitive control state may result in granted access 232 for the user 300 to the at least one resource 250 which is unrestricted.

FIGS. 8A and 8B and FIGS. 9A to 9C schematically illustrate examples of the one or more restrictions 234 on the granted access 232 which are set in accordance with block 114 of the first sub-method 110.

In the examples of FIGS. 8A and 8B, setting one or more restrictions 234 on granted access 232 comprises controlling one or more settings of at least one system resource 260.

In the example of FIG. 8A, the at least one resource 250 to which access is controlled by the controller 202 is the at least one system resource 260.

In the example of FIG. 8B, the at least one system resource 260 is an intermediate component in a chain of communication between the user 300 and the at least one resource 250 to which the user 300 seeks access. The at least one system resource 260 therefore enables the user to interact with the at least one resource 250. The at least one resource 250 may be an application software resource which the user 300 can interact with via the at least one system resource 260.

In either example, controlling one or more settings of the at least one system resource 260 in order to restrict granted access 232 can comprise controlling one or more settings to reduce performance of the at least one system resource 260. For example, where the at least one system resource 260 comprises a processor, the processing speed can be throttled, or where the at least one system resource 260 comprises a display driver, the color palette can be reduced, for example from full-color to greyscale.

The reduction in performance of the at least one system resource 260 discourages continued usage of the at least one resource 250.

Alternatively, controlling one or more settings of the at least one system resource 260 in order to restrict granted access 232 can comprise controlling one or more settings to improve the wellbeing of the user 300. For example, a bluelight filter may be applied or screen brightness reduced.

The lower the cognitive control state of the user 300 is when they are granted access 232 to the at least one resource, the higher the likelihood of the user getting distracted and spending a prolonged time interacting with the at least one resource 250. Rather than discouraging continued usage, by controlling one or more settings of the at least one system resource 260 to improve the wellbeing of the user 300, the detrimental effects of prolonged usage as discussed above can be ameliorated.

In the examples of FIGS. 9A to 9C, setting one or more restrictions 234 on granted access 232 comprises controlling one or more permissions 266 of the at least one resource 250 to system resources 260 via which the user 300 can interact with the at least one resource 250. The at least one resource 250 may be an application software resource which the user 300 can interact with via the at least one system resource 260.

In the example of FIG. 9A, the one or more restrictions 234 on the granted access 232 comprise reducing permissions 266 of the at least one resource 250 to system resources 260 via which the user 300 can interact with the at least one resource 250. In this example, the at least one resource 250 is denied permission to a first subset 262 of the system resources 260 and granted permission to a second subset 264 of the system resources 260. Different one or more restrictions 234 alter the first and second subsets 262, 264. First one or more restrictions 234₁ cause permission of the at least one resource 250 to a particular system resource 260 to be denied while second one or more restrictions 234₂ do not deny permission of the at least one resource 250 to that particular system resource 260. Therefore, under second one or more restrictions 234₂, the granted access 232 enables interaction between the user 300 and the at least one resource via that particular system resource 260.

In an illustrative example, the user 300 may be provided restricted access to an application in so far as the user 300 can run the application, however the application may be denied permission to a notification system and thus cannot engage the attention of the user via rendering notifications to the user 300 and/or denied permission to an audio rendering system and thus cannot engage the attention of the user via audio rendered to the user 300.

In the example of FIG. 9B, the one or more restrictions 234 on the granted access 232 comprise reducing permissions 266 of a first or a first subset 252 of a plurality of resources 250 to at least one system resource 260 wherein a second or a second subset 254 (which may constitute the remainder) of the plurality of the resources 250 are granted permission to the at least one system resource 260. In some examples, the user 300 is only granted access to a subset 254 of a plurality of resources 250, wherein in the absence of the one or more restrictions 234, the plurality of resources 250 would have been accessible to the user 300.

In an illustrative example, permission to run social applications using a processor may be denied whilst productivity applications can be run by the processor. The user 300 is thereby granted access to the productivity applications but denied access to the social applications by means of the one or more restrictions 234 set on the granted access 232. More generally, setting one or more restrictions 234 on granted access 232 may comprise granting access for the user to at least one of a plurality of resources 250 and denying access for the user to at least one other of the plurality of resources 250.

It should be noted that in some examples the one or more permissions 266 of separate ones of the plurality of resources 250 may be independently controlled in relation to separate ones of a plurality of system resources 260 via which the user 300 can interact with the resources 250.

The permissions 266 can be obtained from a permissions lookup table. In this example the permissions lookup table is an array having different dimensions spanned by: different properties that resources 250 may have; the identity of the plurality of system resources 260; and the classification of responses to the access task 240.

The first and second subsets 262 and 264 of the system resources 260 can be determined by querying the permissions lookup table using the determined classification of the response of the user 300 to the access task 240 and known properties of the at least one resource 250. Such a query returns the permissions 266 to different ones of the plurality of system resources 260. Those system resources 260 to which permission is denied form the first subset 262 and those system resources 260 to which permission is not denied form the second subset 264.

The first and second subsets 252 and 254 of the plurality of resources 250 can be determined by querying the permissions lookup table using the determined classification of the response of the user 300 to the access task 240 and the identity of the at least one system resource 260. Such a query returns the permissions 266 indexed by properties that resources 250 may have. The first and second subsets 252 and 254 are then based on the properties of different ones of the plurality of resources 250.

The properties of the at least one resource 250 may include, for example: purpose such as productivity, entertainment, education, etc.; contextual associations such as work or recreation; distractive potential which may be personalized for the user 300 or not. These properties may be pre-defined by the resource creator, determined from previous resource usage, or specified by the user 300.

In the example of FIG. 9C, the one or more restrictions 234 on the granted access 232 comprise a time limit 268 on one or more permissions 266 of the at least one resource 250 to at least one system resource 260 via which the user 300 can interact with the at least one resource 250. The time limit 268 may be a limit of a time period beginning with the granted access 232 or may be a limit on a duration of interaction between the user 300 and the at least one resource 250 during a given time period following the granted access 232.

In an illustrative example, permission to run an application using a processor may be granted until the time limit 268 expires and then said permission is denied. Therefore, in effect, the one or more restrictions 234 set a time limit 268 on the granted access 232.

It should be noted that in some examples the time limits 268 in respect of the permissions 266 of different resources 250 to different system resources 260 may be independently controlled.
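As an added illustration (not code from the disclosure), the sketch below models the permissions lookup table described above as a mapping keyed by response classification, resource property and system resource, supports both queries (subsets 262/264 of system resources and subsets 252/254 of resources), and attaches a per-entry time limit as in FIG. 9C. The class names, the table contents, the choice of "purpose" as the only property, and the deny-by-default treatment of missing entries are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class ResponseClass(Enum):
    FAILED = "failed"       # access task not completed
    LOW = "low"             # completed, low cognitive control state
    MODERATE = "moderate"   # completed, moderate cognitive control state
    HIGH = "high"           # completed, sufficiently high state


@dataclass(frozen=True)
class Permission:
    allowed: bool
    time_limit_s: Optional[int] = None   # None means no time limit


ALLOW = Permission(True)
DENY = Permission(False)
SYSTEM_RESOURCES = ("processor", "notifications", "audio")

# Constructed table: (response class, resource purpose, system resource).
TABLE: Dict[Tuple[ResponseClass, str, str], Permission] = {
    (ResponseClass.LOW, "productivity", "processor"): ALLOW,
    (ResponseClass.LOW, "productivity", "audio"): ALLOW,
    (ResponseClass.LOW, "social", "processor"): DENY,
    (ResponseClass.MODERATE, "productivity", "processor"): ALLOW,
    (ResponseClass.MODERATE, "productivity", "notifications"): ALLOW,
    (ResponseClass.MODERATE, "productivity", "audio"): ALLOW,
    (ResponseClass.MODERATE, "social", "processor"): Permission(True, 900),
    (ResponseClass.MODERATE, "social", "notifications"): DENY,
    (ResponseClass.MODERATE, "social", "audio"): DENY,
}
for _purpose in ("productivity", "social"):
    for _sysres in SYSTEM_RESOURCES:
        TABLE[(ResponseClass.HIGH, _purpose, _sysres)] = ALLOW


def lookup(cls: ResponseClass, purpose: str, sysres: str) -> Permission:
    """Missing entries are denied, so an unlisted combination fails closed."""
    return TABLE.get((cls, purpose, sysres), DENY)


def system_resource_subsets(cls: ResponseClass, purpose: str) -> Tuple[Set[str], Set[str]]:
    """Query by class and resource property: (denied subset, permitted subset)."""
    permitted = {s for s in SYSTEM_RESOURCES if lookup(cls, purpose, s).allowed}
    return set(SYSTEM_RESOURCES) - permitted, permitted


def resource_subsets(cls: ResponseClass, sysres: str,
                     resources: Dict[str, str]) -> Tuple[Set[str], Set[str]]:
    """Query by class and system resource; `resources` maps name -> purpose."""
    permitted = {name for name, purpose in resources.items()
                 if lookup(cls, purpose, sysres).allowed}
    return set(resources) - permitted, permitted


def is_permitted(cls: ResponseClass, purpose: str, sysres: str, elapsed_s: int) -> bool:
    """Apply the time limit: permission lapses once the limit has elapsed."""
    perm = lookup(cls, purpose, sysres)
    if not perm.allowed:
        return False
    return perm.time_limit_s is None or elapsed_s < perm.time_limit_s


if __name__ == "__main__":
    print(system_resource_subsets(ResponseClass.MODERATE, "social"))
    print(resource_subsets(ResponseClass.LOW, "processor",
                           {"mail": "productivity", "chat": "social"}))
```
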

In other examples, setting one or more restrictions 234 on granted access 232 comprises enabling or disabling one or more functions, processes or threads of the at least one resource 250. Analogously to the example one or more restrictions 234 of FIGS. 9A to 9C, the one or more restrictions 234 may:

-   prevent the at least one resource 250 from executing one or a subset of functions, processes or threads, wherein in the absence of the one or more restrictions 234, the at least one resource 250 would have been able to execute the one or a subset of functions, processes or threads; and/or
-   set a time limit on when the at least one resource 250 is able to execute one or a subset of functions, processes or threads.

Although in the foregoing the different one or more restrictions 234 on the granted access 232 have been described as separate examples, it is to be appreciated that these one or more restrictions 234 may be combined and implemented concurrently.

FIG. 10 illustrates an example of the controller 202. Implementation of the controller 202 may be as controller circuitry. The controller 202 may be implemented in hardware alone, have certain aspects in software including firmware alone or can be a combination of hardware and software (including firmware).

As illustrated in FIG. 10 the controller 202 may be implemented using instructions that enable hardware functionality, for example, by using executable instructions of a computer program 208 in a general-purpose or special-purpose processor 204 that may be stored on a computer readable storage medium (disk, memory, etc.) to be executed by such a processor 204.

The processor 204 is configured to read from and write to the memory 206. The processor 204 may also comprise an output interface via which data and/or commands are output by the processor 204 and an input interface via which data and/or commands are input to the processor 204.

The memory 206 stores a computer program 208 comprising computer program instructions (computer program code) that controls the operation of the apparatus 200 when loaded into the processor 204. The computer program instructions, of the computer program 208, provide the logic and routines that enable the apparatus 200 to perform the methods illustrated in the FIGS. The processor 204 by reading the memory 206 is able to load and execute the computer program 208.

The apparatus 200 therefore comprises:

at least one processor 204; and

at least one memory 206 including computer program code

the at least one memory 206 and the computer program code configured to, with the at least one processor 204, cause the apparatus 200 at least to perform:

-   at a first time:
    -   controlling whether or not a user 300 is granted access 232 to at least one resource 250 based on an obtained response 230 of the user 300 to a first access task, and
    -   setting one or more restrictions 234 on granted access 232 to the at least one resource 250 based on the obtained response 230 of the user 300 to the first access task,
-   at a second time:
    -   controlling whether or not a user 300 is granted access 232 to at least one resource 250 based on an obtained response 230 of the user 300 to a second access task, different to the first access task, and
    -   setting one or more restrictions 234 on granted access 232 to the at least one resource 250 based on the obtained response 230 of the user 300 to the second access task; and
-   initiating a change 236 from the first access task to the second access task, wherein the initiation of the change 236 is causally independent of the obtained response 230 of the user 300 to the first access task.

As illustrated in FIG. 11, the computer program 208 may arrive at the apparatus 200 via any suitable delivery mechanism 400. The delivery mechanism 400 may be, for example, a machine readable medium, a computer-readable medium, a non-transitory computer-readable storage medium, a computer program product, a memory device, a record medium such as a Compact Disc Read-Only Memory (CD-ROM) or a Digital Versatile Disc (DVD) or a solid state memory, an article of manufacture that comprises or tangibly embodies the computer program 208. The delivery mechanism may be a signal configured to reliably transfer the computer program 208. The apparatus 200 may propagate or transmit the computer program 208 as a computer data signal.

Computer program instructions that when run on a processor cause an apparatus to perform at least the following or enable at least the following:

-   at a first time:
    -   controlling whether or not a user 300 is granted access 232 to at least one resource 250 based on an obtained response 230 of the user 300 to a first access task, and
    -   setting one or more restrictions 234 on granted access 232 to the at least one resource 250 based on the obtained response 230 of the user 300 to the first access task,
-   at a second time:
    -   controlling whether or not a user 300 is granted access 232 to at least one resource 250 based on an obtained response 230 of the user 300 to a second access task, different to the first access task, and
    -   setting one or more restrictions 234 on granted access 232 to the at least one resource 250 based on the obtained response 230 of the user 300 to the second access task; and
-   initiating a change 236 from the first access task to the second access task, wherein the initiation of the change 236 is causally independent of the obtained response 230 of the user 300 to the first access task.

The computer program instructions may be comprised in a computer program, a non-transitory computer readable medium, a computer program product, a machine readable medium. In some but not necessarily all examples, the computer program instructions may be distributed over more than one computer program.

Although the memory 206 is illustrated as a single component/circuitry it may be implemented as one or more separate components/circuitry some or all of which may be integrated/removable and/or may provide permanent/semi-permanent/dynamic/cached storage.

Although the processor 204 is illustrated as a single component/circuitry it may be implemented as one or more separate components/circuitry some or all of which may be integrated/removable. The processor 204 may be a single core or multi-core processor.

References to ‘computer-readable storage medium’, ‘computer program product’, ‘tangibly embodied computer program’ etc. or a ‘controller’, ‘computer’, ‘processor’ etc. should be understood to encompass not only computers having different architectures such as single/multi-processor architectures and sequential (Von Neumann)/parallel architectures but also specialized circuits such as field-programmable gate arrays (FPGA), application specific circuits (ASIC), signal processing devices and other processing circuitry. References to computer program, instructions, code etc. should be understood to encompass software for a programmable processor or firmware such as, for example, the programmable content of a hardware device whether instructions for a processor, or configuration settings for a fixed-function device, gate array or programmable logic device etc.

As used in this application, the term ‘circuitry’ may refer to one or more or all of the following:

(a) hardware-only circuitry implementations (such as implementations in only analog and/or digital circuitry) and

(b) combinations of hardware circuits and software, such as (as applicable):

(i) a combination of analog and/or digital hardware circuit(s) with software/firmware and

(ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions and

(c) hardware circuit(s) and or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g. firmware) for operation, but the software may not be present when it is not needed for operation.

This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit for a mobile device or a similar integrated circuit in a server, a cellular network device, or other computing or network device.

The blocks illustrated in the FIGS may represent steps in a method and/or sections of code in the computer program 208. The illustration of a particular order to the blocks does not necessarily imply that there is a required or preferred order for the blocks and the order and arrangement of the blocks may be varied. Furthermore, it may be possible for some blocks to be omitted.

Where a structural feature has been described, it may be replaced by means for performing one or more of the functions of the structural feature whether that function or those functions are explicitly or implicitly described.

The systems, apparatus, methods and computer programs may use machine learning which can include statistical learning. Machine learning is a field of computer science that gives computers the ability to learn without being explicitly programmed. The computer learns from experience E with respect to some class of tasks T and performance measure P if its performance at tasks in T, as measured by P, improves with experience E. The computer can often learn from prior training data to make predictions on future data. Machine learning includes wholly or partially supervised learning and wholly or partially unsupervised learning. It may enable discrete outputs (for example classification, clustering) and continuous outputs (for example regression). Machine learning may for example be implemented using different approaches such as cost function minimization, artificial neural networks, support vector machines and Bayesian networks. Cost function minimization may, for example, be used in linear and polynomial regression and K-means clustering. Artificial neural networks, for example with one or more hidden layers, model complex relationships between input vectors and output vectors. Support vector machines may be used for supervised learning. A Bayesian network is a directed acyclic graph that represents the conditional independence of a number of random variables.

The algorithms hereinbefore described may be applied to achieve the following technical effects: access control (for the user 300 to the at least one resource 250) and system resource 270 allocation (for the at least one resource 250).

The above described examples find application as enabling components of: automotive systems; telecommunication systems; electronic systems including consumer electronic products; distributed computing systems; media systems for generating or rendering media content including audio, visual and audio visual content and mixed, mediated, virtual and/or augmented reality; personal systems including personal health systems or personal fitness systems; navigation systems; user interfaces also known as human machine interfaces; networks including cellular, non-cellular, and optical networks; ad-hoc networks; the internet; the internet of things; virtualized networks; and related software and services.

The term ‘comprise’ is used in this document with an inclusive not an exclusive meaning. That is any reference to X comprising Y indicates that X may comprise only one Y or may comprise more than one Y. If it is intended to use ‘comprise’ with an exclusive meaning then it will be made clear in the context by referring to “comprising only one..” or by using “consisting”.

In this description, reference has been made to various examples. The description of features or functions in relation to an example indicates that those features or functions are present in that example. The use of the term ‘example’ or ‘for example’ or ‘can’ or ‘may’ in the text denotes, whether explicitly stated or not, that such features or functions are present in at least the described example, whether described as an example or not, and that they can be, but are not necessarily, present in some of or all other examples. Thus ‘example’, ‘for example’, ‘can’ or ‘may’ refers to a particular instance in a class of examples. A property of the instance can be a property of only that instance or a property of the class or a property of a sub-class of the class that includes some but not all of the instances in the class. It is therefore implicitly disclosed that a feature described with reference to one example but not with reference to another example, can where possible be used in that other example as part of a working combination but does not necessarily have to be used in that other example.

Although examples have been described in the preceding paragraphs with reference to various examples, it should be appreciated that modifications to the examples given can be made without departing from the scope of the claims.

Features described in the preceding description may be used in combinations other than the combinations explicitly described above.

Although functions have been described with reference to certain features, those functions may be performable by other features whether described or not.

Although features have been described with reference to certain examples, those features may also be present in other examples whether described or not.

The term ‘a’ or ‘the’ is used in this document with an inclusive not an exclusive meaning. That is any reference to X comprising a/the Y indicates that X may comprise only one Y or may comprise more than one Y unless the context clearly indicates the contrary. If it is intended to use ‘a’ or ‘the’ with an exclusive meaning then it will be made clear in the context. In some circumstances the use of ‘at least one’ or ‘one or more’ may be used to emphasise an inclusive meaning but the absence of these terms should not be taken to infer an exclusive meaning.

The presence of a feature (or combination of features) in a claim is a reference to that feature or (combination of features) itself and also to features that achieve substantially the same technical effect (equivalent features). The equivalent features include, for example, features that are variants and achieve substantially the same result in substantially the same way. The equivalent features include, for example, features that perform substantially the same function, in substantially the same way to achieve substantially the same result.

In this description, reference has been made to various examples using adjectives or adjectival phrases to describe characteristics of the examples. Such a description of a characteristic in relation to an example indicates that the characteristic is present in some examples exactly as described and is present in other examples substantially as described.

Whilst endeavoring in the foregoing specification to draw attention to those features believed to be of importance it should be understood that the Applicant may seek protection via the claims in respect of any patentable feature or combination of features hereinbefore referred to and/or shown in the drawings whether or not emphasis has been placed thereon.

I/we claim:
 1. An apparatus comprising: at least one processor; and at least one memory including computer program code the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to perform: at a first time: controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task, at a second time: controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.
 2. The apparatus of claim 1 wherein setting one or more restrictions on granted access comprises controlling one or more permissions of the at least one resource to at least one system resource via which the user can interact with the at least one resource.
 3. The apparatus of claim 1 wherein setting one or more restrictions on granted access comprises granting access for the user to at least one of a plurality of resources and denying access for the user to at least one other of the plurality of resources.
 4. The apparatus of claim 1 wherein setting one or more restrictions on granted access to the at least one resource comprises setting a time limit on the granted access.
 5. The apparatus of claim 1 wherein setting one or more restrictions on granted access to the at least one resource comprises controlling settings of at least one system resource via which the user can interact with the at least one resource.
 6. The apparatus of claim 1 wherein the first and second access task comprise rendering one or more target elements rendered to the user for identification by the user.
 7. The apparatus of claim 6 wherein the first access task differs from the second access task in respect of one or more distractor elements rendered to the user.
 8. The apparatus of claim 7 wherein the change from the first access task to the second access task comprises changing one or more of: a ratio; a proximity; a similarity; or a relative movement, of the one or more distractor elements to the one or more target elements.
 9. The apparatus of claim 6 wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to further perform: obtaining gaze-tracking data of the user; and determining when a fixation position of a gaze of the user matches a rendered position of the one or more target elements, wherein the obtained response of the user to the first and/or second access task is based on a duration and/or frequency of the fixation position of the gaze of the user matching the rendered position of the one or more target elements.
 10. The apparatus of claim 1 wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to further perform: preventing access to the at least one resource if the determined response of the user is within a first class of responses; setting first one or more restrictions on granted access to the at least one resource if the determined response of the user is within a second class of responses; and setting second one or more restrictions, different to the first restrictions, on granted access to the at least one resource if the measured response of the user is within a third class of responses.
 11. The apparatus of claim 1 wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to further perform: classifying the obtained response of the user to the first and/or second access task; controlling whether or not a user is granted access to at least one resource based on a classification of the determined response of the user; and setting one or more restrictions on granted access to the at least one resource based on the classification of the determined response of the user.
 12. The apparatus of claim 1 wherein the initiation of the change from the first access task to the second access task is causally dependent on a change, occurring between the first and second times, in one or more values of one or more monitored parameters which vary with actions of the user.
 13. The apparatus of claim 12 wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to further perform: obtaining an expected usage of the at least one resource at the first time and at the second time based on the one or more values of the one or more monitored parameters at the first and second time respectively; and initiating the change from the first access task to the second access task if the expected usage at the second time is different to the expected usage at the first time.
 14. A method comprising: at a first time: controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task, at a second time: controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and automatically initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.
 15. The method of claim 14 wherein setting one or more restrictions on granted access comprises controlling one or more permissions of the at least one resource to at least one system resource via which the user can interact with the at least one resource.
 16. The method of claim 14 wherein the initiation of the change from the first access task to the second access task is causally dependent on a change, occurring between the first and second times, in one or more values of one or more monitored parameters which vary with actions of the user.
 17. The method of claim 16, further comprising: obtaining an expected usage of the at least one resource at the first time and at the second time based on the one or more values of the one or more monitored parameters at the first and second time respectively; and initiating the change from the first access task to the second access task if the expected usage at the second time is different to the expected usage at the first time.
 18. A non-transitory computer readable medium comprising program instructions stored thereon for performing at least the following: at a first time: controlling whether or not a user is granted access to at least one resource based on an obtained response of the user to a first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the first access task, at a second time: controlling whether or not the user is granted access to the at least one resource based on an obtained response of the user to a second access task, different to the first access task, and setting one or more restrictions on granted access to the at least one resource based on the obtained response of the user to the second access task; and initiating a change from the first access task to the second access task, wherein the initiation of the change is causally independent of the obtained response of the user to the first access task.
 19. A non-transitory computer readable medium as claimed in claim 18, wherein the initiation of the change from the first access task to the second access task is causally dependent on a change, occurring between the first and second times, in one or more values of one or more monitored parameters which vary with actions of the user.
 20. A non-transitory computer readable medium as claimed in claim 19, further comprising program instructions stored thereon for performing at least: obtaining an expected usage of the at least one resource at the first time and at the second time based on the one or more values of the one or more monitored parameters at the first and second time respectively; and initiating the change from the first access task to the second access task if the expected usage at the second time is different to the expected usage at the first time.
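
A sketch of the control flow recited in claims 9 to 13, as an added example that is not part of the patent text or any implementation by the applicant. The thresholds, match radius, resource names, time limits, the `unlocks_last_hour` parameter and the usage rule are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessTask:
    name: str
    distractor_ratio: float  # distractors per target element (claim 8)
    target_pos: tuple        # rendered (x, y) of the target element

@dataclass(frozen=True)
class Grant:
    allowed: bool
    resources: frozenset = frozenset()  # subset of resources granted (claim 3)
    time_limit_s: int = 0               # time limit on granted access (claim 4)

def fixation_fraction(gaze, task, radius=40.0):
    """Share of gaze samples whose fixation matches the target position (claim 9)."""
    if not gaze:
        return 0.0  # no gaze data counts as no match, so access is denied
    tx, ty = task.target_pos
    hits = sum(1 for x, y in gaze if (x - tx) ** 2 + (y - ty) ** 2 <= radius ** 2)
    return hits / len(gaze)

def classify(fraction):
    """Three classes of response (claims 10 and 11); thresholds are assumptions."""
    if fraction < 0.3:
        return "first"
    return "second" if fraction < 0.7 else "third"

POLICY = {  # class of response -> access decision and restrictions (assumed values)
    "first": Grant(False),
    "second": Grant(True, frozenset({"productivity"}), 300),
    "third": Grant(True, frozenset({"productivity", "social", "entertainment"}), 3600),
}

def decide(gaze, task):
    return POLICY[classify(fixation_fraction(gaze, task))]

def expected_usage(params):
    """Expected usage from monitored parameters (claim 13); toy rule."""
    return "heavy" if params["unlocks_last_hour"] > 10 else "light"

def next_task(current, params_t1, params_t2, tasks):
    """The user's response is deliberately not an input: the change of task is
    driven only by a change in expected usage between the two times."""
    usage = expected_usage(params_t2)
    return current if usage == expected_usage(params_t1) else tasks[usage]

# Constructed sample tasks and gaze traces.
EASY = AccessTask("few-distractors", 1.0, (100, 100))
HARD = AccessTask("many-distractors", 4.0, (100, 100))
TASKS = {"light": EASY, "heavy": HARD}
ON_TARGET = [(110, 95)] * 10
HALF = [(100, 100)] * 5 + [(400, 400)] * 5
OFF_TARGET = [(400, 400)] * 10
```

Because `next_task` takes no response argument, a user cannot steer which task is presented next by how they answer the current one, which is the property the independent claims call causal independence.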